Bug 763458 - wayland: crash when switching to/from fullscreen rapidly
Status: RESOLVED DUPLICATE of bug 762639
Product: mutter
Classification: Core
Component: wayland
Version: 3.19.x
Hardware / OS: Other Linux
Importance: Normal normal
Target Milestone: ---
Assigned To: mutter-maint
Depends on:
Blocks:
Reported: 2016-03-10 12:20 UTC by Olivier Fourdan
Modified: 2016-03-10 13:10 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
Proposed patch (1.05 KB, patch), 2016-03-10 12:23 UTC, Olivier Fourdan, review status: none
Proposed patch (Updated) (1.26 KB, patch), 2016-03-10 12:31 UTC, Olivier Fourdan, review status: reviewed

Description Olivier Fourdan 2016-03-10 12:20:16 UTC
Description

Switching rapidly between fullscreen/unfullscreen leads to a crash in mutter.

How reproducible:

100%

Steps to reproduce:

1. Open google-chrome
2. Keep F11 pressed

Actual result

mutter crashes in cogl_texture_get_height() from meta_shaped_texture_get_image() because the given texture is NULL

Expected result

No crash.

Additional data:

  • #0 cogl_texture_get_height
    at cogl-texture.c line 216
  • #1 meta_shaped_texture_get_image
    at compositor/meta-shaped-texture.c line 867
  • #2 shell_util_get_content_for_window_actor
    at shell-util.c line 448
  • #3 ffi_call_unix64
    from /lib64/libffi.so.6
  • #4 ffi_call
    from /lib64/libffi.so.6
  • #5 gjs_invoke_c_function
    at gi/function.cpp line 999
  • #6 function_call
    at gi/function.cpp line 1323
  • #7 js::Invoke(JSContext*, JS::CallArgs, js::MaybeConstruct)
    from /lib64/libmozjs-24.so
  • #8 Interpret(JSContext*, js::RunState&)
    from /lib64/libmozjs-24.so
  • #9 js::RunScript(JSContext*, js::RunState&)
    from /lib64/libmozjs-24.so
  • #10 js::Invoke(JSContext*, JS::CallArgs, js::MaybeConstruct)
    from /lib64/libmozjs-24.so
  • #11 js_fun_apply(JSContext*, unsigned int, JS::Value*)
    from /lib64/libmozjs-24.so
  • #12 js::Invoke(JSContext*, JS::CallArgs, js::MaybeConstruct)
    from /lib64/libmozjs-24.so
  • #13 js::Invoke(JSContext*, JS::Value const&, JS::Value const&, unsigned int, JS::Value*, JS::Value*)
    from /lib64/libmozjs-24.so
  • #14 js::jit::DoCallFallback(JSContext*, js::jit::BaselineFrame*, js::jit::ICCall_Fallback*, unsigned int, JS::Value*, JS::MutableHandle<JS::Value>)
    from /lib64/libmozjs-24.so
  • #15 ??
  • #16 ??

Comment 1 Olivier Fourdan 2016-03-10 12:23:30 UTC
Created attachment 323616
Proposed patch
Comment 2 Olivier Fourdan 2016-03-10 12:31:35 UTC
Created attachment 323617
Proposed patch (Updated)
Comment 3 Jonas Ådahl 2016-03-10 12:42:39 UTC
Review of attachment 323617:

::: src/compositor/meta-shaped-texture.c
@@ +863,3 @@
                                                           clip->height);
+      if (mask_texture == NULL)
+        return surface;
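Review bot: returning `surface` when `mask_texture` is NULL hands the caller an image with no shape mask applied and no indication that the clip was rejected; the guard shown also covers only the mask sub-texture, while the reported crash is a NULL texture reaching cogl_texture_get_height(). Prefer validating the clip (non-zero size, fully inside the texture) before either sub-texture is created and returning NULL on failure, so the caller gets either a correct image or an explicit error rather than a silently unmasked one.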

The only way I see for this to return NULL (except OOM which I assume is not the reason) is if the clip passed is invalid (either zero size or being partly outside of the texture). If that is the reason it fails, I think we should avoid passing those values, because the checks are just (by the looks of it) g_return_val_if_fail() which are macros that may be disabled.
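Jonas' point above, that the caller should reject an invalid clip itself rather than rely on g_return_val_if_fail() checks that G_DISABLE_CHECKS can compile away, as an added illustration that is hypothetical code and not mutter's or cogl's own: one helper refuses a zero-sized or out-of-bounds clip, the other goes a step further and clamps the clip to the texture's rectangle. The struct is a stand-in for cairo_rectangle_int_t, and the texture is described only by its width and height.

```c
#include <stdbool.h>
#include <stddef.h>

/* Hypothetical stand-in for cairo_rectangle_int_t; not mutter's own code. */
typedef struct { int x, y, width, height; } clip_rect_t;

/* True only if clip has positive size and lies entirely inside a
 * tex_w x tex_h texture. The edge tests are written as subtractions so a
 * hostile x + width sum cannot overflow and wrap into "valid". */
bool clip_is_valid (int tex_w, int tex_h, const clip_rect_t *clip)
{
  if (clip == NULL || tex_w <= 0 || tex_h <= 0)
    return false;
  if (clip->x < 0 || clip->y < 0 || clip->width <= 0 || clip->height <= 0)
    return false;
  if (clip->width > tex_w - clip->x)      /* right edge past the texture */
    return false;
  if (clip->height > tex_h - clip->y)     /* bottom edge past the texture */
    return false;
  return true;
}

/* Alternative to rejecting: shrink clip to its intersection with the
 * texture rectangle. Returns false (and leaves clip untouched) when the
 * intersection is empty, i.e. there is nothing to fetch. */
bool clip_intersect_texture (int tex_w, int tex_h, clip_rect_t *clip)
{
  if (clip == NULL || tex_w <= 0 || tex_h <= 0)
    return false;
  /* Widen to long long so the right/bottom sums cannot overflow int. */
  long long left   = clip->x < 0 ? 0 : clip->x;
  long long top    = clip->y < 0 ? 0 : clip->y;
  long long right  = (long long) clip->x + clip->width;
  long long bottom = (long long) clip->y + clip->height;
  if (right > tex_w)  right  = tex_w;
  if (bottom > tex_h) bottom = tex_h;
  if (right <= left || bottom <= top)
    return false;
  clip->x = (int) left;
  clip->y = (int) top;
  clip->width  = (int) (right - left);
  clip->height = (int) (bottom - top);
  return true;
}
```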
Comment 4 Rui Matos 2016-03-10 13:10:31 UTC
I believe the patch in bug 762639 is more appropriate.

*** This bug has been marked as a duplicate of bug 762639 ***